CODA-Portal security issues

The CODA-Portal architecture incorporates a number of security measures.

Only e-Framework users that have CODA-Portal Administrator rights set can manage Homepages. (An e-Framework adminstrator also has CODA-Portal Administrator rights.)

The CODA-Portal administrator controls:

which users have access to which content provider masters (via Homepage templates)
whether the user can change selection and display parameters that the content provider uses when connecting to the source data or application.
whether the user can customise his own Homepage.

Each content provider master contains connection details which determine the source supplying the content for a frame. The CODA-Portal administrator can set these connection details or can leave these blank in which case the settings of the current e-Framework user are used. By setting these connection details, CODA-Portal administrators can give users access to information or applications which the user's own logon account might not permit.

Within a Homepage template, the CODA-Portal administrator can specify what (if any) parameters and settings the user can change to modify the content in a frame. By making a frame completely non-modifiable, you can ensure that every user with that Homepage template will have identical content in that frame.